DDoS attacks return with a vengeance: Kaspersky Lab

Any fraudster without even the technical knowledge or skill to organise a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion.

Published: 10 September 2017 - 12:14 p.m.

By: David Ndichu

The second quarter of 2017 was proof that long-lasting DDoS attacks are back in business.

The longest attack in the quarter was active for 277 hours
(more than 11 days) – which is a 131% increase compared to Q1. This is so far a
record for the year, says the Q2 2017 botnet DDoS report from Kaspersky Lab.

Duration was not the only distinctive feature of the DDoS
attacks between April and June. The geography of incidents has also seen a
dramatic change with organisations with online resources located in 86
countries targeted in the second quarter (compared to 72 in Q1).

The top 10
most affected countries were China, South Korea, USA, Hong Kong, UK, Russia,
Italy, the Netherlands, Canada and France — with Italy and the Netherlands
replacing Vietnam and Denmark that were among the top targets in Q1.

Targets of DDoS attacks included one of the largest news
agencies, Al Jazeera, Le Monde and Figaro newspaper websites and, reportedly,
Skype servers. In the second quarter of 2017, an increase in cryptocurrencies
rates also led to cybercriminals trying to manipulate prices through DDoS.
Bitfinex, the largest Bitcoin trading exchange, was attacked simultaneously
with the launch of trading in a new cryptocurrency called IOTA token. Earlier,
the BTC-E exchange reported a slowdown due to a powerful DDoS attack.

The interest of DDoS attack organisers in cash goes beyond
manipulating cryptocurrency rates. Using this type of attack to extort money
can be beneficial as trends in Ransom DDoS or RDoS demonstrate. Cybercriminals
usually send a message to the victim demanding a ransom that ranges from 5 to
200 bitcoins. If the company refuses to pay, attackers threaten to organise a
DDoS attack on a critically important online victim resource. Such messages can
be accompanied by short-term DDoS attacks to confirm the threats are very real.
At the end of June, a large-scale RDoS attempt was made by the group called
Armada Collective, who demanded about $ 315,000 from seven South Korean banks.

However, there is always another way which has become more
popular in the last quarter – Ransom DDoS with no DDoS at all. Fraudsters send
out threatening messages to a large number of companies in the hope that
someone will decide to be better safe than sorry. Demonstrations of attacks may
never happen, but if just one company decides to pay, that brings profit with
minimal effort from the cybercriminals.

“Nowadays, it’s not just experienced teams of hi-tech
cybercriminals that can be Ransom DDoS-attackers. Any fraudster who doesn’t
even have the technical knowledge or skill to organise a full-scale DDoS attack
can purchase a demonstrative attack for the purpose of extortion. These people
are mostly picking unsavvy companies that don’t protect their resources from
DDoS in any way and therefore, can be easily convinced to pay ransom with a
simple demonstration,” comments Kirill Ilganaev, head of Kaspersky DDoS
Protection at Kaspersky Lab.

Kaspersky Lab experts warn that if a victim company decides
to pay, it may bring long-term damage in addition to instant monetary loses. A
‘payer’ reputation spreads fast through the networks and may provoke further
attacks from other cybercriminals.